From Skimming to Shimming

Cartoon character (thief) sneaking off with credit card.

Chip and PIN technology has become the new standard for payment card transactions, but the continued existence of magnetic stripes and ingenuity of card fraudsters insures that card based and other transactions are at risk. While proven more secure than magnetic stripe only cards, non EMV compliant or compromised terminals and card “fall back” events defeat the safety features of EMV chips and provide a playground for card fraudsters.

Shimmers…next generation Skimmers

One of the latest hacks targeting credit and debit cards is the “shimmer.” Deeply inserted and sandwiched directly between the card’s chip and an ATM or POS system’s card reader, it is embedded with a microchip and flash storage capable of accessing a card’s EMV chip, the card number and more. It is invisible to the cardholder and unlikely to be affected by most anti-skimming, jamming or detection solutions. Collected information can be used to create a cloned magnetic stripe card.


A CSFi customer was recently slammed by a skimmed card attack. Approximately 15 skimmed/cloned cards had been used at multiple ATMs at least 10 times each at $500 per withdrawal. They were getting hit hard and fast by continuing on-us fraudulent transactions. With losses averaging over $5,000 per card at the time of discovery, they needed a solution fast.

The Solution:

Deploying SWITCHWARE® Check BIN Limits functionality, the bank enabled CSFi’s Sentinel™ Alert Notification System to provide institution wide real-time monitoring and alerts for any violation of customizable card withdrawal rules at any ATM in their fleet. Designed to detect behavior consistent with fraudulent card use at the ATM, the bank was able to track potentially fraudulent behavior in real time and minimize losses.

With no comprehensive real-time fraud monitoring solution yet in place, the bank relied upon the capabilities of CSFi, SWITCHWARE® and Sentinel™ to stem the tide of losses from multiple on-us ATM withdrawals on the same cards. When future suspicious transactions occurred, the bank was immediately notified of the BIN, Card Number, Sequence Number, Transaction Amount, and location of the event through CSFi’s Sentinel Alerts.

While certainly not a substitute for CSFi’s far more comprehensive and robust FraudBlock® Real-Time Fraud Protection and Prevention System, monitoring and alert functionality proved invaluable in the early identification of fraudulent card activity and minimization of card losses.

What’s next? Who wins?

The best deployed technology always wins. Modern transaction monitoring, fraud analysis and real-time authorization controls give the prepared bank the upper hand. CSFi real-time card fraud prevention tools allow for split second recognition of troubling transactional activity, an opportunity for immediate response, reduced chargebacks, and an enhanced customer experience.

FraudBlock™ Real-Time Fraud Protection System

Designed to detect transaction anomalies, CSFi’s FraudBlock is an easy-to-use solution that provides granular “down to card level” control of fraud risk. Designed to combat the efforts of fraudsters today and tomorrow, including card not present transactions, FraudBlock puts the bank in charge. FraudBlock can stop fraud before it happens.

  • Block fraud at the cardholder level
  • Alert of fraud based patterns of cardholder use
  • Block fraud in real-time and background
    Inspect transactions as they are being processed or immediately after approval.
  • Allow instantaneous “on the fly” implementation, disablement, or modification of fraud rules and post review actions
    No waiting on an EFT or ATM network.
  • Block fraud using On-Demand Network Denial Rules
    Build denial rules that reject transactions using values on the ISO8583 messages.
  • Automate “on demand” blocking or authorization based on changes to card status
  • Build or copy custom rules
    Card issuers can build custom rules specific to their needs or copy existing rules to modify them.
  • Block fraud outside the country
    Isolate fraudulent transactions from a specific country or designate a specific set of countries as “risky.”
  • And so much more…

For more information on optimizing the security of your transaction environment contact a CSFi representative today.

Visit and Register now to watch a video of FraudBlock in action and enable full access to our web resources. Once registered, users have full access to brochures, videos and additional information describing the features and benefits of SWITCHWARE® G4, FraudBlock™, ATM Encryption Solutions, Sentinel™, EMV support, and our entire suite of products, services and solutions.

By : Sales and Marketing /February 20, 2019 /Featured News, News /0 Comment

Comments are closed.